InfoSec Round-Up: January 17th
Ryuk Ransomware Gang, Cryptocurrency Fortunes & SolarWinds
This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.
UN Staff Records Exposed
Security researchers have disclosed a systems vulnerability in United Nations’ systems which saw over 100,000 employee records exposed.
Discovered by ethical hacking and security research group ‘Sakura Samurai’, the records relate to, amongst other projects, the United Nations Environmental Programme (UNEP) and contained extensive personally identifiable information, including names, ID numbers, gender, pay grade, records of travel and evaluation reports.
Stemming from exposed Git directories and credentials, the flaw was found as part of the United Nation's Vulnerability Disclosure Program, in which the intragovernmental organisation encourages researchers to find and disclose security flaws in the UN’s publicly accessible systems.
Though the issue was quickly addressed, the UN is a frequent target for hackers, with hundreds of gigabytes of internal UN data being exfiltrated in a 2019 attack.
Speaking to their research, a representative of Sakura Samurai explained, “When we started researching the UN, we didn't think it would escalate so quickly. Within hours, we already had sensitive data and had identified vulnerabilities. Overall, in less than 24 full hours we obtained all of this data.”
Ryuk Ransomware Cartel Amasses $150M
According to research studying the flow of elicit Bitcoin ‘earnings’, operators of the Ryuk strain of ransomware have profited to the tunes of over $150M.
Responsible for many high-profile attacks, such as last year’s Sopra Steria hack, and that against Baltimore County school district, Ryuk was first observed in 2018 and represents a significant international information security threat.
Often not observed until a period of time after the initial infection (ranging from days to months), the operators will often gather extensive intelligence upon a target to help leverage ransom negotiations.
Based on the analysis of 61 associated Bitcoin addresses, researchers at security firm HYAS have also reported that the ransomware gang has funnelled their ill-gotten gains via two Asia-based exchanges, Huobi and Binance, which according to researchers are “structured in a way that probably wouldn’t obligate them to comply [with international finance laws]”
The researchers further noted, “With the limited visibility available to analysts, it is painfully clear that the criminals behind Ryuk are very business-like and have zero sympathy for the status, purpose or ability of the victims to pay.”
Crypto Wallet Disaster
We have all been in that awkward position of having forgotten a password, but for programmer Stefan Thomas, his forgetfulness may have cost him around $240m.
Mr Thomas, a German programmer living in San Francisco was, over a decade ago, paid 7,002 bitcoins as payment for making a video explaining how cryptocurrency works. Storing his earnings in an IronKey digital wallet, Mr Thomas reportedly wrote his password down on a piece of paper.
Skip forward several years; bitcoin’s value has grown exponentially, and those 7,002 bitcoins are now currently worth around $240m. Unfortunately, Mr Thomas has forgotten his password and lost his note, and crucially, after 10 failed attempts, the wallet becomes completely inaccessible.
Having already made 8 failed attempts, Mr Thomas is almost out of options.
With some security professionals reaching out online to offer their assistance, the unfortunate programmer is not the first to have been locked out of their fortune. It is estimated around a mindboggling $140bn worth of Bitcoin is lost or left in inaccessible wallets.
A particularly visceral example of the importance of proper password security and practices, Mr Thomas told The New York Times “I would just lay in bed and think about it… Then I would go to the computer with some new strategy”, adding “I got to a point where I said to myself, ‘let it be in the past, just for your own mental health.’”
Microsoft President Condemns SolarWinds Hack
Microsoft President Brad Smith has, at the CES technology trade show, referred to the SolarWinds hack as a “mass indiscriminate global assault” that should act as a wake-up call to security professionals.
The SolarWinds network monitoring software was attacked sometime last year, being altered to provide hackers with a backdoor into the systems of its users. A compromise which was disclosed by the company in December.
The attack, which distributed roughly 18,000 packages of malware onto organisations’ networks, is believed to have originated from the Russian state and compromised accounts at the US Department of Justice as well as many other government agencies across the world.
As one of the many organisations affected, Microsoft’s Brad Smith noted in his speech, “Governments have spied on each other for centuries… but we’ve long lived in a world where there were norms and rules that created expectations about what was appropriate and what was not; and what happened with SolarWinds was not.”
Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
ISO 27001 vs SOC 2 Certifications - what's the difference? SOC 2 is a type of audit report focusing on security controls. ISO27001 is a compliance standard focused on high level information security.
Assange Extradition, Vaccine Scams, App Bans & SolarWinds Hack - InfoSec Round-Up Jan 10th
Inside Attacker Jailed, GDPR Fines Twitter & Trump’s Twitter Password - InfoSec Round-Up Dec 20th
The Five Biggest Breaches and Hacks of 2020. Information Security blog by Information Security Awareness provider Hut Six Security.
Foxconn Ransomware, FireEye Hacked & Google Fined €100M - InfoSec Round-Up Dec 13th
Preparing for SOC 2 Compliance. What are the 5 Trust Service Principles? Security · Availability · Processing Integrity · Confidentiality · Privacy
Top 10 Security Tips for Remote Work. Securing Work from Home blog image by Information Security Awareness Training provider Hut Six Security.
iOS Wi-Fi Exploits, School Ransomware & Vaccine Supply Chain Targeted - InfoSec Round-Up Dec 6th
Building a Business Case for Information Security Awareness Training blog by Information Security Awareness Training provider Hut Six.
€50M Ransomware Attack, Spotify Details Exposed & Man-United Breach - InfoSec Round-Up Nov 29th